fix xxs vulns

nicolas.dorier
2017-10-24 14:52:19 +09:00
parent 9a0d0a7124
commit a5bd27661b
2 changed files with 4 additions and 3 deletions


@@ -49,10 +49,10 @@ namespace BTCPayServer
} }
private static JsonSerializerSettings jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() }; private static JsonSerializerSettings jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() };
public static HtmlString ToJson(this object o) public static string ToJson(this object o)
{ {
var res = JsonConvert.SerializeObject(o, Formatting.None, jsonSettings); var res = JsonConvert.SerializeObject(o, Formatting.None, jsonSettings);
return new HtmlString(res); return res;
} }
} }
} }
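Review bot: `ToJson` now returns the serializer output as a plain string, but `jsonSettings` still uses Json.NET's default string escaping, so `<`, `>` and `&` in model values reach the caller unescaped and safety rests entirely on each call site encoding for its output context. Adding `StringEscapeHandling = StringEscapeHandling.EscapeHtml` to the `jsonSettings` initializer would give defence in depth without changing the parsed values. The method also deserves a doc comment, for example `/// <summary>Serializes to camelCase JSON; the result is NOT encoded for HTML or script contexts and must be encoded by the caller.</summary>`. Any other view that relied on the former `HtmlString` return will now receive Razor's HTML-encoded output, which is safe but presumably breaks `JSON.parse` inside a script block; only one view is updated in this commit, so remaining callers are worth checking. The enclosing class starts outside the hunk.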


@@ -1,4 +1,5 @@
@model PaymentModel @model PaymentModel
@inject System.Text.Encodings.Web.JavaScriptEncoder jsEncoder;
@{ @{
Layout = null; Layout = null;
ViewData["Title"] = "Payment"; ViewData["Title"] = "Payment";
@@ -27,7 +28,7 @@
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.qrcode/1.0/jquery.qrcode.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.qrcode/1.0/jquery.qrcode.min.js"></script>
<script type="text/javascript"> <script type="text/javascript">
var srvModel = JSON.parse('@Model.ToJson()'); var srvModel = JSON.parse('@jsEncoder.Encode(Model.ToJson())');
</script> </script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="~/js/core.js" type="text/javascript" defer="defer"></script> <script src="~/js/core.js" type="text/javascript" defer="defer"></script>
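Review bot: The encoding at `JSON.parse('@jsEncoder.Encode(Model.ToJson())')` is correct only for this exact context, a quoted JavaScript string literal, and nothing in the view says so; a later edit to `Html.Raw` or to an unquoted assignment would reopen the hole. A Razor comment above the line would pin the intent, for example `@* Model JSON is JavaScript-encoded because it is emitted inside a quoted JS string; do not swap for Html.Raw. *@`. The added `@inject` line also ends with a `;` that the neighbouring `@model` directive does not have, and dropping it keeps the directives consistent. The script block and surrounding markup continue outside the hunks shown.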